Threat Intelligence

Global Critical Infrastructure Targeted by Russian State-Backed Hackers

Share

North and Latin America, Europe, Central Asia, and other countries part of NATO had their critical infrastructure industries subjected to cyberespionage attacks by Russian threat operation Cadet Blizzard, also known as Ember Bear and is associated with the Russian Main Directorate of the General Staff of the Armed Forces' Unit 29155, since 2020, according to BleepingComputer.

Attacks of the hacking group, which have been redirected to targeting pro-Ukraine efforts since 2022, also involved domain scanning across several European Union nations and more than two dozen NATO members, as well as the exposure of stolen data through public domains, a joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, and U.S. allies' law enforcement and cybersecurity agencies showed.

"These individuals appear to be gaining cyber experience and enhancing their technical skills through conducting cyber operations and intrusions. Additionally, FBI assesses Unit 29155 cyber actors rely on non-GRU actors, including known cyber-criminals and enablers to conduct their operations," said the advisory.

Such an advisory comes as the U.S. offered up to $10 million in rewards and indicted suspected Unit 29155 members Vladislav Borovkov, Yuriy Denisov, Denis Igorevich Denisenko, Dmitry Yuryevich Goloshubov, and Nikolay Aleksandrovich Korchagin for their involvement in intrusions against Ukraine and its Western allies.